Dell EMC OpenManage Integration Version 7.3 with Microsoft System Center (OMIMSSC) for System Center Operations Manager (SCOM)
Security Configuration Guide
July 2021 Rev.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2009 - 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents
Figures
Tables
Chapter 1: PREFACE
Chapter 2: Security Quick Reference
Licensing of Dell EMC OpenManage Integration with Microsoft System Center (OMIMSSC) for System Center Operations Manager (SCOM)
Manage backup and restore in OMIMSSC
PowerShell Permission
Figures
1 OMIMSSC for SCOM security controls map
Tables
1 Revision History
2 Pre-loaded accounts and default credentials
3 User accounts with required privileges
1 PREFACE
As part of an effort to improve its product lines, Dell EMC periodically releases revisions of its software and hardware. Some functions that are described in this document might not be supported by all versions of the software or hardware currently in use. The product release notes provide the most up-to-date information about product features. Contact your Dell EMC technical support professional if a product does not function properly or does not function as described in this document.
Table 1. Revision History
Revision | Date | Description
A00 | July 2021 | Initial release of the OMIMSSC version 7.3 for SCOM Security Configuration Guide.

Related documentation
In addition to this guide, you can access the other guides available at https://www.dell.com/support. Click Browse all products, then click Software > Enterprise Systems Management.
2 Security Quick Reference
Topics:
• Deployment models
• Virtual Hard Disk (VHD) and Open Virtual Appliance (OVA) deployment
• Security profiles

Deployment models
You can deploy Dell EMC OpenManage Integration with Microsoft System Center (OMIMSSC) for System Center Operations Manager (SCOM) as a VHD or OVA in a Hyper-V or ESXi environment, as applicable.

Virtual Hard Disk (VHD) and Open Virtual Appliance (OVA) deployment
OMIMSSC is available in VHD and OVA formats. It can be downloaded online.
3 Product and Subsystem Security
Topics:
• Security Controls Map
• Authentication
• Login security settings
• Authentication types and setup considerations
• User and credential management
• Network security
• Data security
• Cryptography
• Auditing and logging
• Serviceability
• OMIMSSC Operating System update
• Product code integrity

Security Controls Map
The OMIMSSC appliance for SCOM performs discovery and monitoring of PowerEdge servers, chassis, and network switches on the SCOM console.
Figure 1. OMIMSSC for SCOM security controls map

Authentication
Access control
Access control settings protect resources against unauthorized access. The Dell EMC OpenManage Integration Dashboard, accessed from the Microsoft System Center Operations Manager (SCOM) console, provides users with the appropriate roles and privileges configured in Microsoft Active Directory. OMIMSSC Admin Portal access is given to the OMIMSSC appliance admin account.
Local user account (Admin account)
OMIMSSC for SCOM provides a single default local administrative user account. The username of this internal account is admin. The local administrator has access to all operations in the Dell EMC OMIMSSC Admin Portal only. The first time that you deploy OMIMSSC, you are prompted to set the password. Follow the on-screen instructions to set the password.

Read-only user account
OMIMSSC for SCOM provides a single default local read-only user account.
allowed at any given time. The OMIMSSC admin account supports multiple account logins, and each account login has a separate session.

Failed login behavior
OMIMSSC for SCOM includes security settings that apply when there are multiple unsuccessful authentication occurrences. For invalid login attempts, the user is prompted with the message "User Name or Password is incorrect".
OMIMSSC Appliance administration
Authentication types
OMIMSSC for SCOM supports basic username and password-based authentication. OMIMSSC appliance credentials are stored on the appliance in a secure manner. The admin user can log in to the OMIMSSC Admin Portal and the appliance VM console using valid credentials.

Setup considerations
OMIMSSC admin operations for setup
The OMIMSSC admin performs the following operations to integrate with the Microsoft System Center Operations Manager (SCOM) console.
Setup considerations
Dell EMC OpenManage Integration Dashboard operations for setup
The Dell EMC OpenManage Integration Dashboard provides an interface in the SCOM console. To access the Dell EMC OpenManage Integration Dashboard, the OMIMSSC appliance provides a login page for SCOM console users. The OMIMSSC appliance depends on Microsoft Active Directory (AD) for user authentication to access OpenManage Integration Dashboard pages. It validates the user authentication against AD on a periodic basis.
To enable PowerShell Remoting, see PowerShell Permission on page 24.

User and credential management
OMIMSSC Appliance administration
The OMIMSSC appliance comes with default pre-loaded accounts and does not support custom accounts.

Pre-loaded accounts
The following table describes the pre-loaded OMIMSSC accounts:

Table 2. Pre-loaded accounts and default credentials
User Account | Username | Password | Description
Admin User | admin | Set on first boot after deployment.
Steps
1. Launch the OMIMSSC Appliance VM console, and log in using the old credentials.
2. Navigate to Change Admin Password and click Enter. The screen to change the password is displayed.
3. Provide your present password, and then provide a new password matching the listed criteria. Re-enter the new password and click Enter. The status after changing the password is displayed.
4. To return to the home page, click Enter.
NOTE: The appliance will reboot after the password is changed.
● Enrolled SCOM consoles
● Generate and download the troubleshooting bundle
● For invalid login attempts, the user is prompted with the message "User Name or Password is incorrect".
Table 4. Port information for OMIMSSC appliance (continued)
Communication purpose | Port number | Protocols | Direction | Source | Destination | Description
Inventory or health update to SCOM | 111 | TCP | In | SCOM management server | OMIMSSC appliance | Appliance permits NFS share to share the inventory details to management packs.
UI operations from the SCOM view | 443 | TCP | In | SCOM management server | OMIMSSC appliance | UI operations using OMIMSSC dashboard which is started from the SCOM console.
Table 5. Port information for SCOM Management Servers and Dell EMC Alert Relay Servers (continued)
Communication purpose | Port number | Protocols | Direction | Source | Destination | Description
Health or metrics update to SCOM | 5985 and 5986 | TCP | In | OMIMSSC appliance | All SCOM Management Servers | PowerShell commands are started from the appliance.
Sensitive Data Migration
While migrating from an old appliance, the old data is stored as a backup file, and the key store and password are exported as part of the backup procedure. While restoring the data on the new appliance, the sensitive data is re-encrypted using a new encryption key. For additional security, the admin user provides a password to protect the exported backup files.
Following are the steps to migrate data:
1. Back up the OMIMSSC appliance data using the Admin portal.
Web server logs
The admin user can use the OMIMSSC administration console to generate a troubleshooting bundle with all the relevant logs. For more information, see Download troubleshooting bundle. The read-only account helps troubleshoot the appliance by allowing the user to read various parameters of the appliance at runtime. For advanced troubleshooting, see the Tech support guides to check specific parameters.
Product code integrity
The OMIMSSC software installer is signed by Dell. Download installation software from https://www.downloads.dell.com. To ensure the integrity of your download, verify the checksum value. Checksums are available in MD5, SHA1, and SHA-256. It is recommended that you verify the authenticity of the OMIMSSC installer signature. In PowerShell, the Get-FileHash cmdlet can compute the hash value for the OMIMSSC___SCOM._.zip file.
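The following PowerShell function is an added example, not part of the Dell guide, showing the checksum and signature checks described above in one step. The function name, the file paths, and the idea that a signed file has been extracted from the download are assumptions; SHA-256 is used because MD5 and SHA1 are no longer collision resistant.

```powershell
# Added example. Function name and all paths are placeholders, not Dell's.
function Test-DownloadIntegrity {
    [CmdletBinding()]
    param(
        # Path to the downloaded archive (use your real file name).
        [Parameter(Mandatory)] [string] $Path,
        # SHA-256 value copied from the download page.
        [Parameter(Mandatory)] [string] $ExpectedSha256,
        # Optional: an Authenticode-signed file extracted from the download.
        [string] $SignedFile
    )

    # Normalize the published value and reject anything that is not
    # 64 hex characters (for example an MD5 or SHA1 pasted by mistake).
    $expected = ($ExpectedSha256 -replace '\s', '').ToUpperInvariant()
    if ($expected -notmatch '^[0-9A-F]{64}$') {
        throw "Expected value is not a SHA-256 digest: '$ExpectedSha256'"
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    $result = [ordered]@{
        File            = (Resolve-Path -LiteralPath $Path).Path
        ActualSha256    = $actual
        HashMatches     = ($actual -eq $expected)
        SignatureStatus = $null
        Signer          = $null
    }

    if ($SignedFile) {
        $sig = Get-AuthenticodeSignature -FilePath $SignedFile
        # 'Valid' is the only passing status; review the signer subject by eye.
        $result.SignatureStatus = $sig.Status
        $result.Signer          = $sig.SignerCertificate.Subject
    }

    [pscustomobject]$result
}

# Usage (placeholders, not real values):
# $r = Test-DownloadIntegrity -Path '.\<downloaded-file>.zip' `
#          -ExpectedSha256 '<SHA-256 from the download page>'
# if (-not $r.HashMatches) { throw 'Checksum mismatch: do not deploy this file.' }
```

A matching hash only proves the file equals what the download page describes; the signature status and signer subject are what tie the installer to Dell.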
4 Miscellaneous Configuration and Management
Topics:
• Licensing of Dell EMC OpenManage Integration with Microsoft System Center (OMIMSSC) for System Center Operations Manager (SCOM)
• Manage backup and restore in OMIMSSC
• PowerShell Permission

Licensing of Dell EMC OpenManage Integration with Microsoft System Center (OMIMSSC) for System Center Operations Manager (SCOM)
OMIMSSC has two types of licenses:
● Evaluation license: this is a trial version of the license containing an evaluation license for five
  ○ Run the command: Enable-PSRemoting.
  ○ In the confirmation message, enter Y.
● In PowerShell, run the command: Get-ExecutionPolicy. If the policy is not set to RemoteSigned, set it to RemoteSigned by using the following commands.
  ○ Run the command: Set-ExecutionPolicy RemoteSigned.
  ○ In the confirmation message, enter Y.
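The steps above can be run as a single check-then-change script on each SCOM Management Server. This is an added example, not part of the Dell guide; it assumes an elevated PowerShell session and uses -Force in place of answering Y at each confirmation prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: apply the PowerShell Permission steps only where needed,
# then show the resulting state so it can be recorded.

# 1. Execution policy. List every scope first: a Group Policy scope
#    (MachinePolicy or UserPolicy) overrides what Set-ExecutionPolicy writes.
Get-ExecutionPolicy -List | Format-Table -AutoSize

if ((Get-ExecutionPolicy) -ne 'RemoteSigned') {
    # -Force answers the confirmation prompt (the "Y" in the manual steps).
    Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force
}

# 2. PowerShell Remoting. Enable it only if WinRM is not already answering.
try {
    Test-WSMan -ErrorAction Stop | Out-Null
} catch {
    Enable-PSRemoting -Force
}

# 3. Confirm the WinRM listeners. The port table in this guide lists
#    5985 and 5986 as the ports the appliance uses for PowerShell commands.
$listeners = Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
    Select-Object Transport, Port, Address, Enabled
$listeners | Format-Table -AutoSize

$ports = @($listeners | ForEach-Object { [int]$_.Port })
if (-not (($ports -contains 5985) -or ($ports -contains 5986))) {
    Write-Warning 'No WinRM listener found on port 5985 or 5986.'
}

# 4. Report the effective policy after the change.
"Effective execution policy: $(Get-ExecutionPolicy)"
```

If the final line does not report RemoteSigned, the scope list from step 1 shows which policy scope is overriding the local setting.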